EUROCONTROL
RSA 4.1.1 Software Token for Multiple Window Users on a Single Desktop Edition No. : 2.002
Edition Issue Date : 02 Jul 2012
Author : SIN
Reference : RSA/TRD/MultipleUsers
Copy No. : ← stamp here
CFMU EUROCONTROL Document Title: Document Reference:
RSA 4.1.1 Software Token for Multiple Window Users on a Single Desktop
RSA/TRD/MultipleUsers
Edition: 2.002
2
Document Control Copyright Notice
© 2002 European Organisation for the Safety of Air Navigation (EUROCONTROL). All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written permission of EUROCONTROL.
Approval Table
AUTHORITY DATE SIGNATURE
Author
SIN
Document Identification
Full Title: RSA 4.1 Software Token for Multiple Window Users on a Single Desktop
Total Number of Pages: 15
CFMU EUROCONTROL Document Title: Document Reference:
RSA 4.1.1 Software Token for Multiple Window Users on a Single Desktop
RSA/TRD/MultipleUsers
Edition: 2.002
3
Table Of Contents
1 Introduction ........................................................................................................................ 4
2 Platforms............................................................................................................................. 4
3 Documentation ................................................................................................................... 4
4 Create 2 registry scripts .................................................................................................... 4 4.1 Script 1 ........................................................................................................................... 4 4.2 Script 2 ........................................................................................................................... 5
5 Download the RSA 4.1 for desktop................................................................................... 6
6 Token seeds........................................................................................................................ 6
7 Installation procedure........................................................................................................ 6 7.1 Logon as PC administrator ............................................................................................. 6
8 Execute both registry scripts............................................................................................ 7
9 Start the RSA software ...................................................................................................... 9 9.2 Logon as basic user ..................................................................................................... 11
10 Installation of a second token......................................................................................... 12 10.1 Install a second token on the same desktop ................................................................ 12 10.2 Logon as administrator again ....................................................................................... 12
11 Problems ........................................................................................................................... 15
DOCUMENT FINAL PAGE ........................................................................................................ 16
CFMU EUROCONTROL Document Title: Document Reference:
RSA 4.1.1 Software Token for Multiple Window Users on a Single Desktop
RSA/TRD/MultipleUsers
Edition: 2.002
4
1 Introduction (1) The purpose of this documentation is to give guidance to CFMU customers on how to configure
the RSA software token 4.1 for multiple Windows users using a single desktop.
(2) It is assumed that the reader is an experienced PC administrator.
(3) Execute step as described by these snapshots.
(4) It is assumed that the RSA was never installed prior to this installation.
a) If RSA was already installed, you need to remove the software, remove all traces of RSA folder and registry setting.
b) So it is recommended to “try” this procedure on a “clean” PC.
2 Platforms (1) This procedure has been validated on Windows XP and Windows 7.
3 Documentation (1) This documentation is available @
(2) http://www.cfmu.eurocontrol.int/chmi_appsoft/CHMI/Tokens/RSA411-documentation_for_multiple_windows_users_using_the_same_desktop.pdf
4 Create 2 registry scripts
4.1 Script 1 1. With notepad, create a script name “RSA-policies-part1.reg” 2. The content is
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\RSA] "DisableSetDevicePassword"=dword:00000000 "ValidDevices"=hex(7):00,00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\RSA\Software Token] "DisableSetDevicePassword"=dword:00000000 "ValidDevices"=hex(7):00,00
CFMU EUROCONTROL Document Title: Document Reference:
RSA 4.1.1 Software Token for Multiple Window Users on a Single Desktop
RSA/TRD/MultipleUsers
Edition: 2.002
5
4.2 Script 2 (1) With notepad, create a script name “RSA-deskop-part2.reg”
(2) The content is Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\RSA] [HKEY_LOCAL_MACHINE\SOFTWARE\RSA\RSA Desktop Common] [HKEY_LOCAL_MACHINE\SOFTWARE\RSA\RSA Desktop Common\RSA P11] [HKEY_LOCAL_MACHINE\SOFTWARE\RSA\Software Token] [HKEY_LOCAL_MACHINE\SOFTWARE\RSA\Software Token\Desktop] "InstallDir"="C:\\Program Files\\RSA SecurID Software Token\\" "LegacyDatabaseKey"=hex: [HKEY_LOCAL_MACHINE\SOFTWARE\RSA\Software Token\Library] "AutomationDllPath"="C:\\Program Files\\RSA SecurID Token Common\\" "LogLevel"="INFO" "InstallDir"="C:\\Program Files\\RSA SecurID Token Common\\" "CopyProtection"=dword:00000000 @="" "DatabasePath"="c:\\RSA SecurID Software Token Library" "SingleDatabase"=dword:00000001 "CopyToSystem32"="TRUE"
CFMU EUROCONTROL Document Title: Document Reference:
RSA 4.1.1 Software Token for Multiple Window Users on a Single Desktop
RSA/TRD/MultipleUsers
Edition: 2.002
6
5 Download the RSA 4.1 for desktop (1) If not done, download:
(2) http://www.cfmu.eurocontrol.int/chmi_appsoft/CHMI/Tokens/RSASecurIDToken411.zip
6 Token seeds (1) Ensure that you have the appropriate token seed (user1_ serial_number1.sdtid) and user2_
serial_number2.sdtid.
(2) The documentation will be based on these 2 usernames and has been tested up to 4 usernames on the same desktops.
7 Installation procedure
7.1 Logon as PC administrator
(1) Extract RSASecurIDToken411.msi from the zip file above.
(2) Execute: RSASecurIDToken411.msi on the target PC
a) Select US or Europe
b) Accept all default setting
(3) Do not start the RSA application (ensure that the box is deselected)!
CFMU EUROCONTROL Document Title: Document Reference:
RSA 4.1.1 Software Token for Multiple Window Users on a Single Desktop
RSA/TRD/MultipleUsers
Edition: 2.002
8 Execute both registry scripts (1) Execute RSA-policies-part1.reg
7
CFMU EUROCONTROL Document Title: Document Reference:
RSA 4.1.1 Software Token for Multiple Window Users on a Single Desktop
RSA/TRD/MultipleUsers
Edition: 2.002
(2) Execute RSA-deskop-part2.reg
(3) These 2 scripts will change the location of the RSA seed database from the default location to
the new location (from c:\Documents and Settings\ECUSER\Local Settings\Application Data\RSA\RSA SecurID Software Token Library\RSASecurIDStorage to c:\RSA SecurID Software Token Library\ RSASecurIDStorage).
(4) The folder c:\RSA SecurID Software Token Library\ RSASecurIDStorage must has the appropriate permissions to be accessible by all users of this desktop.
8
CFMU EUROCONTROL Document Title: Document Reference:
RSA 4.1.1 Software Token for Multiple Window Users on a Single Desktop
RSA/TRD/MultipleUsers
Edition: 2.002
9 Start the RSA software (1) Double click on the user1_serial_number1.sdtid.
(2) Enter the appropriate installation password as indicated by the password file (user1.txt).
(3) Select change username
(4) Add the user name as a prefix the serial number.
9
CFMU EUROCONTROL Document Title: Document Reference:
RSA 4.1.1 Software Token for Multiple Window Users on a Single Desktop
RSA/TRD/MultipleUsers
Edition: 2.002
(5) The token seed should be correctly installed and the token name appears in the top left corner.
(6) Click right arrow to display the token code.
(7) If you see a visible Token code number, you may proceed to the next step.
10
CFMU EUROCONTROL Document Title: Document Reference:
RSA 4.1.1 Software Token for Multiple Window Users on a Single Desktop
RSA/TRD/MultipleUsers
Edition: 2.002
9.2 Logon as basic user
(1) Logoff as admin account
(2) Login as another account (not necessarily admin account)
(3) Verify with another user whether the token passcode information is visible.
(4) Then the operation is successful.
(5) For all other Windows accounts, these tokens willl be propagated.
11
CFMU EUROCONTROL Document Title: Document Reference:
RSA 4.1.1 Software Token for Multiple Window Users on a Single Desktop
RSA/TRD/MultipleUsers
Edition: 2.002
10 Installation of a second token
10.1 Install a second token on the same desktop
(1) If you need to install a second token on the same desktop, follow the following steps.
10.2 Logon as administrator again
(1) If the token is visible, you may then proceed with the remaining token installation.
(2) Install token seeds with preferably with an admin account.
(3) Snapshot for user2
(4) Enter password.
(5) When prompted, change the name
(6) Click on Change the name
12
CFMU EUROCONTROL Document Title: Document Reference:
RSA 4.1.1 Software Token for Multiple Window Users on a Single Desktop
RSA/TRD/MultipleUsers
Edition: 2.002
(7) Add, the user name as prefix of the serial number (leave the serial number, it will allow
Eurocontrol to identify the RSA token). Then click OK.
Click OK.
13
CFMU EUROCONTROL Document Title: Document Reference:
RSA 4.1.1 Software Token for Multiple Window Users on a Single Desktop
RSA/TRD/MultipleUsers
Edition: 2.002
(8) When a second token seed is installed, a token drop down menu is visible
(9) You can select another RSA user via the drop down menu.
(10) A list of user can be displayed via option/Token Storage Devices
14
CFMU EUROCONTROL Document Title: Document Reference:
RSA 4.1.1 Software Token for Multiple Window Users on a Single Desktop
RSA/TRD/MultipleUsers
Edition: 2.002
11 Problems (1) If you see do not see the token information but see a window: “enter Device Password”
(2) This means that the token database is not been correctly initialised.
(3) Action:
a) Close the RSA software
b) You will need to delete c:\RSA SecurID Software Token Library\ RSASecurIDStorage) with the admin account.
c) Then redo from section §7 (start RSA software).
L
15
CFMU EUROCONTROL Document Title: Document Reference:
RSA 4.1.1 Software Token for Multiple Window Users on a Single Desktop
RSA/TRD/MultipleUsers
Edition: 2.002
16
DOCUMENT FINAL PAGE To properly report any fault, or to propose a modification concerning the present document, please contact: [email protected]